When my boss trys to VPN with his laptop, it gets stuck authenticating. He has shutdown restarted, but still is not able to logon. Suggestions? I am running the new OS Maverick with the new OS X server software 3.0.
OS X Mountain Lion (10.8.2)
I've removed all the port forwarding in my AEBS and let Server recreate the port forwarding for VPN by itself inside of Server and I still can't connect.
Can anyone post their exact settings (without giving away any security info, obviously) to show us that it's working. Maybe there's a small detail that many of us are overlooking since it works for some of you but not for the rest of us.
Thanks.
I seem to be having this problem as well. I can make a L2TP VPN connection to the server on my local network but not from outside. I'm using a Time Capsule as my router and DHCP server. Server seems to be setting up the ports on the TC correctly but I'm unable to connect from outside. I did have iCloud/BackToMyMac turned on but have now turned BTMM off and logged off of iCloud on that machine and restarted but still no VPN connection. I do not have any routes set up as I'm happy to have all traffic go via the VPN when I'm connected but don't know if I need a route to make L2TP work. I don't believe I did under 10.8.
Hello there as well,
I've the same issue and I investigate the problem. The reason why it does not work is, that the racoon (IKE Daemon) does not accept connections on port 4500 (IKE for NAT-T) if the source port is random generated.
Since Mavericks and IOS7 the source port from the client is no longer 4500, this lead to this problem (except you have a old VPN connection already setup bevor you update to IOS7 on your Phone).
If you are in the same network like your server, the IKE NAT-T is not used. In this case the regular port 500 (IKE) is used, and this works as expected. At the moment we have to wait if the problem is fixed by Apple.
There are two possibilities, they can adjust the clients or the server configuration. However if you want to use VPN with OS X native methods, use PPTP. This is not affected but of course it provides no Layer 2 Tunneling.
Regards,
Daniel
Hello bfdulock,
I was working with ML Server 2.2.2 and all was fine! After upgrade to Mavericks, VPN is not working any more, when I try to connect from outside my network. Local all is still working as well as before.
Because I want to solve the issue, I did multiple Tests. Nothing helps me to connect vis L2TP with my Mac Server 3 - VPN.
Here is something new: I tried to connect with an iPod touch 4. Generation, running iOS 6.1.3. The iPod couldn't connect with the Server, not from intern the local network, and still not from the outside.
So it seems Apple has to do somethung, not the user !!
Best regards,
Heiner
For those that are having VPN issues outside the local network and is connecting VPN locally fine on OS 10.9 Server,
Has anyone tried turning off the built-in Adaptive Firewall of OS 10.9? If it works., then I suggest deleting the prefs file of the adaptive firewall
com.apple.alf.plist
I know when I moved up to Mavericks Server form 10.8.5 Server it generated
com.apple.alf.plist.lockfile
com.apple.alf.plist~orig
I know I did not have any issues with my VPN, but one of my clients who has a 10.8.5 Server had some adaptive firewall issues and was do to a corrupted com.apple.alf.plist
try turning off the adaptive firewall if you are using it.. delete the prefs and turn it on again so it can create a new prefs. check out the options to make sure correct options are there.
Ok, I'm a little confused.. What firewall is the one you can turn on at Security and Privacy?
vs
http://support.apple.com/kb/HT5519
oh I guess I got confused with past articles that I read... oh welll.....
anyway for those that upgraded from 10.6.8 server or before and kept ipfw settings I wonder if that's an issue?
Ok... Now I answered my own question.. apparantly, I've been using Application Layer Firewall (alf)...... ok time to switch on Adaptive firewall through OS X Server...
Anyway for those who have been using ALF through Security and Privacy, yeah try deleting the prefs for it.. might work...
I have the same issue. I can connect with PPTP but can't connect with L2TP from the internet, but it works from the local LAN. I called Apple support and they told me, after sending them my server logs, that it's a bug in the server and it will be fixed in 10.9.1
Same here, but I found something new today,
the l2tp vpn can connect when i am in local network, AS WELL AS when I am in SOME of the external network. today I tried to connect the vpn server which locate at home from a wifi network in the univeristy, and it worked.
the network I tried and failed before include the 4G cellular network of my iphone and most wifi.
seems the network in my university uses some kind of cisco-related system.
what I am sure is, this is not related to any DNS (as ssh worked properly) nor firewall (as it worked on some networks).
should it be some configurations about how packets are treated? I have no knowledge on this..
Universities often have large blocks of actual ip addresses, which won't need nat-t to work. That's why they work without modification. Reverting raccoon works.
how to revert raccoon? nice if there is step by step guide, and even nicer if everything can be finished in ssh terminal.
Thanks!
It's not that easy. You need to have a copy of ML's raccoon before you can start. I reverted from Time Machine backups of the server for most of my servers, but one, I copied from a yet-updated machine. Your mileage may vary.
Once you have a copy, replace the one in /usr/sbin, and reboot.
so it is impossible if i don't have a backup.....
If you have another ML machine, it's a part of the standard OS. I doubt Apple would like it if someone distributed it, and I don't really want a call from their lawyers today.
For another data point, most of our clients (10.9, 10.8.x, iOS 7, and iOS 6.x) cannot connect to server 3.0 after the upgrade on L2TP; however, for some clients the upgrade did not change the ability to connect at all. I work remotely and am the most frequent user and my iMac and connection was unaffected. Our setup is a Mac mini behind a AEBS with a single Comcast fixed business IP address. So far everyone can connect with PPTP once we turned that on and had the server adjust the port on the AEBS.
For L2TP it is clearly not all or nothing. My iMac is running server as well, but I know of two laptops that were also unaffected by the upgrade -- neither running server and one on ML & one on Mavericks.
Just updated to OS X server 3.0 now VPN is not working
